Today we are releasing the implementation guide for EFF’s Do Not Track (DNT) policy. For years users have been able to set a Do Not Track signal in their browser, but there has been little guidance&nbsp;for websites&nbsp;as to how&nbsp;to&nbsp;honor that request. EFF’s DNT policy sets out a meaningful response for servers to follow,&nbsp;and this guide provides details about how to apply it in practice.
At its core, DNT protects user privacy by excluding&nbsp;the&nbsp;use of unique identifiers&nbsp;for cross-site tracking, and by limiting the retention period of log data to ten days. This short retention period gives sites the time they need for debugging and security purposes, and to generate aggregate statistical data. From this baseline,&nbsp;the policy then allows exceptions&nbsp;when&nbsp;the user's&nbsp;interactions&nbsp;with the site—e.g., to post comments, make a purchase, or click on an ad—necessitates collecting more information. The site is then free to retain any data necessary to complete the transaction. We believe this approach balances users’ privacy expectations with the ability of websites to deliver the functionality users want.
Websites often integrate third-party content and rely on third-party services (like&nbsp;content delivery networks&nbsp;or&nbsp;analytics),&nbsp;and this creates the potential for user data to be leaked despite the best intentions of the site operator. The guide identifies potential pitfalls and catalogs providers of compliant services. It is common, for example, to embed media from platforms like You Tube, Sound Cloud, and Twitter, all of which track users whenever their widgets are loaded. Fortunately, Embedly, which offers control over the appearance of embeds, also supports DNT via its API,&nbsp;displaying a poster instead and loading&nbsp;the&nbsp;widget&nbsp;only if the user clicks on it knowingly.

Knowledge makes the difference between willing tracking and non-consensual tracking. Users should be able to choose whether they want to give up their privacy in exchange for using a site or&nbsp;a&nbsp;&nbsp;particular feature. This means sites need to be transparent about their practices. A great example of this is our biggest adopter, Medium, which&nbsp;does&nbsp;not track DNT users who browse the site&nbsp;and gives clear information about tracking to&nbsp;users when they choose&nbsp;to log in. This is their previous log-in panel, the DNT language is currently being added to their new interface.